In what is one of the largest and intricate Internet attacks of all time, banks across the globe have been breached since 2013, allowing hackers to walk away with over $300 million in less than two years. Among the 100 banks from 30 countries that have been affected, Russia, Japan, Europe and the US are within that pool of nations.
An extremely advanced malware attack seems to be part of the cause, as discovered by Kaspersky Labs, the team which completed a report on the matter. So far, no banks have stepped up to admit they've been attacked, probably due to the severe nature of the breach. On the heist, Kaspersky NA's manager Chris Doggett said,
This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.
Just how covert were these criminals? According to the report, the robbers were calculated and meticulous with their actions, going so far as to install surveillance software onto bank computers in order to track and measure operations over a long period of time. Then, they were able to disguise themselves as actual bank employees to draw up to $10 million out of customers' accounts. A particular client of Kaspersky has alleged that they are missing over $7.3 million from their bank account from ATM withdrawals.
The good news, for us in the United States at least, is that almost all of the banks affected are based out of Russia. However, Kaspersky says the malware is spreading and still active. When the security firm reached out to the Financial Services Information Sharing and Analysis Center, the financial industry's advisory board on cyber attacks and malicious software, the agency said that it is aware of the breach and has "disseminated intelligence on this attack to the members." Customers of affected banks have not yet been informed of the attack.